Archive for the ‘Computer Networking Techniques and Concepts’ Category

In a previous post I listed and described various organizations which are considered highly influential and authoritative across the wide field of information technology. These organizations are deeply involved in setting standards and best practices for nearly all facets of modern computing. One group which I neglected to include (but should have) is the North American Network Operators’ Group, or NANOG. Founded in 1994, NANOG describes itself as a “professional association for Internet engineering and architecture. Our core focus is on the technologies and systems that make the Internet function: core routing and switching; Internet inter-domain routing; the domain name system; peering and interconnection; and Internet core security. We also cover associated areas…such as data centers and optical networking.”

Although not a standards-setting body, NANOG provides a platform for knowledge exchange and professional networking opportunities in the form of its triannual meetings. These events serve as venues for some of the top minds in the industry to detail the findings of their research and to present the lessons learned from their real-world work experience. Recordings of the presentations are uploaded to the NANOG website and can be downloaded for free. This content serves as a fantastic educational resource for IT professionals who are seeking to keep their subject matter expertise sharp and relevant.

Internet Protocol version 6 (IPv6) is the next generation networking protocol that is slated to replace Internet Protocol version 4 (IPv4) as the dominant protocol powering modern computer networks and the global Internet.

The problem with IPv4 is that it was developed and initially rolled out in the 1970s and 80s, long before anyone had any idea of what the Internet would become (IPv4 is defined in RFC 791, published in 1981). Simply put, the ability for IPv4 to support modern Internet traffic is decreasing steadily. The Internet Engineering Task Force (IETF) recognized the potential for a crisis and commenced work on IPv4’s replacement in the mid-1990s.

The rest of this article will assume that you know why the Internet needs to evolve from IPv4 to IPv6. If you do not understand this, please stop reading and view this YouTube video of Vinton Cerf explaining the rationale behind the protocol migration (Cerf is considered one of the “fathers of the Internet”).

The death of IPv4 as a relevant networking protocol was delayed considerably by the deployment of two addressing-related solutions: Network Address Translation (NAT) and Classless Inter-Domain Routing (CIDR). However, given the current and projected growth in human population and the ever-expanding quantity of devices connecting to the Internet, IPv6 is required to accommodate and sustain the necessary expansion of Internet availability and services. For example, two well-known technology growth sectors, mobile devices (e.g., smartphones) and cloud-based computing, require public IPv4 connectivity to function and are therefore contributing to the exhaustion of the public IPv4 address space (even with NAT relieving some pressure).

Despite their differences in age, IPv4 and IPv6 do share some characteristics. Both protocols were designed to allow for host identification, host discovery, and optimal routing. They both work at Layer 3 of the OSI networking model and at the internet layer of the TCP/IP networking model. In order for hosts to properly communicate using IPv4 or IPv6, they must be assigned a unique IP address. IPv6 hosts need the same information as IPv4 hosts to properly network, e.g., they need to know the IP addresses of DNS servers (to translate host names to IP addresses) and default gateways (to transmit to remote destinations). As in IPv4, IPv6 hosts will send packets directly to destinations on the same subnet.

However, as IPv6 was developed from the ground up to be a future-oriented redesign and modernization of the IP structure, IT professionals will notice that it offers many distinct advantages over its aging cousin. Some noteworthy differences are:

IP addressing – as described below, IPv6 addresses use a different format and can provide an astonishingly huge address space for network hosts, far larger than what IPv4 can offer.

Subnetting – it’s the subject that IT professionals love to hate. Believe it or not, the frustration that it caused me as a student years ago made me question whether I wanted to go into the information technology (IT) field. Furthermore, with the availability of many subnet calculator programs and subnetting websites, the ability to manually perform subnet calculations may seem superfluous at first. However, a solid understanding of IP subnetting will not only allow IT pros to create appropriately-sized networks in the absence of specialized software and web applications (on paper, for example), but given IP’s foundational role in modern computer networks and the global Internet, it behooves us to keep our comprehension of this protocol sharp. Lastly, if you plan on obtaining a networking certification like the Cisco CCNA, you are just going to have to master the material below.

The purpose of this article will be to thoroughly explain how IP subnetting works and to provide some relevant examples. Therefore, a detailed analysis of all the workings of IP, such as packet structures, packet switching, and routing, will not be provided. However, we will review what the Internet Protocol (IP) is, how it works, and what purpose it serves on networks. We will focus solely on Internet Protocol version 4 (IPv4), which is the version of IP that has powered the Internet revolution and remains the most widely utilized networking protocol today.

A subnetted network using variously sized subnet masks
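As an added example (not code from the original post), the subnet arithmetic described above carried out with plain bit operations, the way you would on paper: given a parent block and the number of hosts each subnet needs, it assigns variably sized subnets largest-first and reports the network, mask, broadcast and usable range of each. The 192.168.1.0/24 block and the host counts are constructed input.

```python
from typing import Dict, List

def dotted_to_int(addr: str) -> int:
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_dotted(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix: int) -> int:
    # /25 -> 0xFFFFFF80 (255.255.255.128): the top `prefix` bits of a 32-bit word set
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def prefix_for_hosts(hosts: int) -> int:
    # Smallest power-of-two block holding `hosts` usable addresses plus network and broadcast
    if hosts < 1:
        raise ValueError("a subnet needs at least one host")
    host_bits = 1
    while (1 << host_bits) < hosts + 2:
        host_bits += 1
    return 32 - host_bits

def describe(network: int, prefix: int) -> Dict[str, str]:
    mask = prefix_to_mask(prefix)
    broadcast = network | (~mask & 0xFFFFFFFF)  # network address with every host bit set
    return {"network": f"{int_to_dotted(network)}/{prefix}", "mask": int_to_dotted(mask),
            "broadcast": int_to_dotted(broadcast), "first_host": int_to_dotted(network + 1),
            "last_host": int_to_dotted(broadcast - 1), "usable": str(broadcast - network - 1)}

def vlsm(block: str, host_counts: List[int]) -> List[Dict[str, str]]:
    """Carve `block` into one subnet per host count, largest first so each stays aligned."""
    base, prefix = block.split("/")
    start, base_prefix = dotted_to_int(base), int(prefix)
    if start & (~prefix_to_mask(base_prefix) & 0xFFFFFFFF):
        raise ValueError(f"{block} is not on a network boundary")
    end, cursor, subnets = start + (1 << (32 - base_prefix)), start, []
    for hosts in sorted(host_counts, reverse=True):
        new_prefix = prefix_for_hosts(hosts)
        size = 1 << (32 - new_prefix)
        if cursor + size > end:  # ran out of room in the parent block
            raise ValueError(f"{block} cannot fit a /{new_prefix} for {hosts} hosts")
        subnets.append(describe(cursor, new_prefix))
        cursor += size
    return subnets

if __name__ == "__main__":
    # Constructed input: a /24 carved up for four departments of different sizes
    for s in vlsm("192.168.1.0/24", [100, 50, 20, 2]):
        print(s["network"], s["mask"], s["broadcast"], f'{s["first_host"]}-{s["last_host"]}')
```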

Computers must share a common protocol to communicate, and nowadays IP has become ubiquitous on nearly all operating systems. So what does IP do? Simply put, IP allows computers to locate and facilitate communications with other hosts that are either on the same logical network or on separate, distinct networks (for instance, networks such as those owned by different organizations – businesses, universities, Internet service providers, etc.). IP provides for this communication by enabling the routing of data packets between sources and destinations, often through multiple intermediary hosts.

Any student of computer networking has surely heard it repeated a thousand times: switches work at Layer 2 of the OSI model and interpret MAC addresses, while routers work at Layer 3 and interpret IP addresses. In other words, a switch looks at the MAC address of the destination host and sends the frame only to that recipient (thus conserving bandwidth). A router directs network traffic in a similar manner, but references the target IP address instead of its MAC address. On a side note, those devices marketed as “routers” for home users generally provide more functionality than mere packet routing, such as IP address assignment (DHCP) and firewall filtering. Broadly speaking, switches connect hosts from the same network together, while a router can connect whole networks together. To say this in IT Speak: switches connect hosts to form local area networks (LANs), while routers connect multiple LANs into wide area networks (WANs).

In addition to traffic forwarding based on MAC address, switches also detect packet collisions and can simultaneously manage multiple data streams destined to multiple ports. Routers, for their part, can perform network address translation (NAT) and basic packet filtering based on access control lists (ACLs).

With conventional switches and routers performing markedly different functions at layer 2 and layer 3 respectively, just what is meant by the term “layer 3 switch”? Isn’t this contradictory?

SSH is one of the protocols of the TCP/IP protocol suite found at the application layer (Layer 7) of the Open Systems Interconnection (OSI) network model. Officially specified in RFC 4251 (and later, several other RFCs), SSH functions in a way that is similar to telnet but is far more robust and capable. SSH lets you log in to other hosts, get a shell and execute commands on them (for more details, read up on the concept of the OS shell), and transfer files between hosts. The major difference between SSH and telnet as terminal emulation protocols is that SSH utilizes encryption and strong authentication, while telnet transmits data (including passwords) in clear text, making it vulnerable to packet sniffing. SSH, in contrast, provides secure, reliable authentication and communication over data channels that might not be so trustworthy (such as the public Internet). Because the SSH protocol encrypts the communications between network devices, it decreases the chance of an attacker (possibly an internal user) sniffing traffic and obtaining sensitive data such as authentication credentials.

What is commonly called ‘SSH’ is actually a collection of utilities such as ssh, scp, slogin, and sftp. SSH can be used to effectively replace telnet in a manner almost invisible to users. However, in the background SSH sessions involve authentication, key exchange, encryption, and passphrase generation and storing, making SSH a complex protocol.

SSH versions

SSH version 1 was released in 1995; however, a few years later it was determined to be insecure. SSHv1 is vulnerable to a well-known exploit that allows an attacker to insert data into the communication stream, making it vulnerable to man-in-the-middle (MITM) attacks. In short, versions of SSH prior to v2.0 are not completely cryptographically safe, so they should not be used. Therefore this article will focus only on SSHv2. Bear in mind that if you see SSH version 1.99 installed, this means that the host supports both SSH v1.5 and v2 (see RFC 4253 for reference).

SSH encryption

SSH uses the public key (asymmetric) cryptographic model, which means that data encryption between hosts utilizes two keys: a public key to encrypt the data, and a private key to decrypt it. The asymmetric keys are used to authenticate the SSH server and client and then to negotiate a symmetric key. It is this symmetric key that actually encrypts the session data.

In my article detailing the command line utilities available for configuring and troubleshooting network properties on Windows and Linux, I mentioned some Linux tools that, while still included and functional in many Linux distributions, are actually considered deprecated and therefore should be phased out in favor of more modern replacements.

Specifically, the deprecated Linux networking commands in question are: arp, ifconfig, iptunnel, iwconfig, nameif, netstat, and route. These programs (except iwconfig) are included in the net-tools package that has been unmaintained for years. The functionality provided by several of these utilities has been reproduced and improved in the new iproute2 suite, primarily by using its new ip command. The iproute2 software code is available from Kernel.org. Iproute2 documentation is available from the Linux Foundation and PolicyRouting.org.

In my previous article describing the troubleshooting steps for faulty TCP/IP connections, I mentioned several commands such as ping, traceroute, and ipconfig that could assist you in pinpointing problematic network components. These commands and several others like them are commonly referred to as TCP/IP utilities because they are tools that let you perform diagnostics and queries on the network which you are examining.

To complement Part 1 of this two-part series, Part 2 is a reference list of the TCP/IP utilities that describes the intended uses and options for each. These tools natively run in command line interface (CLI) environments (or in Linux and Unix, “shell prompts”), but as several entries in this blog show, there are a great many graphical utilities available that let you use the TCP/IP utilities (and view their output) in graphical format. In this article, however, I will stick with the default CLI usage and functionality.

Remember: the best way to learn and understand these tools is to practice with them. Also bear in mind that knowledge of these commands is often essential during ethical hacking efforts and for networking certification exams.